Android逆向之利用Xposed为应用增加权限
来源:互联网 发布:魔兽争霸mac版百度云 编辑:程序博客网 时间:2024/05/16 16:57
利用Xposed删除权限
这个已经有人实现了,就是Xposed的作者,我们就先来研究研究他是怎么实现的,先上他的实现代码
public class PackagePermissions extends BroadcastReceiver { private final Object pmSvc; private final Map<String, Object> mPackages; private final Object mSettings; @SuppressWarnings("unchecked") public PackagePermissions(Object pmSvc) { this.pmSvc = pmSvc; this.mPackages = (Map<String, Object>) getObjectField(pmSvc, "mPackages"); this.mSettings = getObjectField(pmSvc, "mSettings"); }/*这个函数主要hook了 PackageManager 服务(负责系统中Package的管理,应用程序的安装、卸载、信息查询),实现了通过监听我们自己发出的广播,拦截权限授予功能来进行修改apk的权限的*/ public static void initHooks() { try { final Class<?> clsPMS = findClass("com.android.server.pm.PackageManagerService", XposedMod.class.getClassLoader());//获取这个PackageManager类 //注册监听广播,监听我们的设置更改,以实现立即应用设置 findAndHookMethod(clsPMS, "systemReady", new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { Context mContext = (Context) getObjectField(param.thisObject, "mContext");//这个应该是系统的上下文,具体待研究 mContext.registerReceiver(new PackagePermissions(param.thisObject), new IntentFilter(Common.MY_PACKAGE_NAME + ".UPDATE_PERMISSIONS"), Common.MY_PACKAGE_NAME + ".BROADCAST_PERMISSION", null);//注册广播 } });//拦截PackageManager类中的grantPermissionsLPw函数 findAndHookMethod(clsPMS, "grantPermissionsLPw", "android.content.pm.PackageParser$Package", boolean.class, new XC_MethodHook() { @SuppressWarnings("unchecked") @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { String pkgName = (String) getObjectField(param.args[0], "packageName"); if (!XposedMod.isActive(pkgName) || !XposedMod.prefs.getBoolean(pkgName + Common.PREF_REVOKEPERMS, false)) return; Set<String> disabledPermissions = XposedMod.prefs.getStringSet(pkgName + Common.PREF_REVOKELIST, null); if (disabledPermissions == null || disabledPermissions.isEmpty()) return; ArrayList<String> origRequestedPermissions = (ArrayList<String>) getObjectField(param.args[0], "requestedPermissions"); param.setObjectExtra("orig_requested_permissions", origRequestedPermissions); ArrayList<String> newRequestedPermissions = new ArrayList<String>(origRequestedPermissions.size()); for (String perm: origRequestedPermissions) { if (!disabledPermissions.contains(perm)) newRequestedPermissions.add(perm); else // you requested those internet permissions? I didn't read that, sorry Log.w(Common.TAG, "Not granting permission " + perm + " to package " + pkgName + " because you think it should not have it"); } setObjectField(param.args[0], "requestedPermissions", newRequestedPermissions); } @SuppressWarnings("unchecked") @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // restore requested permissions if they were modified ArrayList<String> origRequestedPermissions = (ArrayList<String>) param.getObjectExtra("orig_requested_permissions"); if (origRequestedPermissions != null) setObjectField(param.args[0], "requestedPermissions", origRequestedPermissions); } }); } catch (Throwable e) { XposedBridge.log(e); } } @Override public void onReceive(Context context, Intent intent) { try { // The app broadcasted a request to update settings for a running app // Validate the action being requested if (!Common.ACTION_PERMISSIONS.equals(intent.getExtras().getString("action"))) return; String pkgName = intent.getExtras().getString("Package"); boolean killApp = intent.getExtras().getBoolean("Kill", false); XposedMod.prefs.reload(); Object pkgInfo; synchronized (mPackages) { pkgInfo = mPackages.get(pkgName); callMethod(pmSvc, "grantPermissionsLPw", pkgInfo, true); callMethod(mSettings, "writeLPr"); } // Apply new permissions if needed if (killApp) { try { ApplicationInfo appInfo = (ApplicationInfo) getObjectField(pkgInfo, "applicationInfo"); if (Build.VERSION.SDK_INT <= 18) callMethod(pmSvc, "killApplication", pkgName, appInfo.uid); else callMethod(pmSvc, "killApplication", pkgName, appInfo.uid, "apply App Settings"); } catch (Throwable t) { XposedBridge.log(t); } } } catch (Throwable t) { XposedBridge.log(t); } }}
这段代码的地址
参考
1.AppSettingshook权限代码
阅读全文
0 0
- Android逆向之利用Xposed为应用增加权限
- Android逆向之利用Xposed绕过悬浮窗权限
- Android逆向分析之Xposed的hook技术
- Android逆向分析之Xposed的hook技术
- Android逆向之Xposed不重启手机替换hook代码(并不是简单替换字符串)
- Android Xposed框架 -- 应用篇
- 【逆向】为记事本增加功能分析
- android权限管理, API劫持, xposed, xprivacy
- 为Android SDK增加应用案例实现
- 安卓逆向之基于Xposed-ZjDroid脱壳
- 安卓逆向之基于Xposed-ZjDroid脱壳
- Android 中利用XPosed拦截系统消息
- Groovy应用:利用GFreeMarker为FreeMarker模板增加插件功能
- [Android开发] Xposed 插件开发之二: Xposed一些知识
- Android逆向之利用lua动态替换java中方法
- 逆向分析Android应用
- 为mediaserver增加定制权限
- 深入理解Android之Xposed详解
- 深度:GGMM M3靠什么挑战国际大牌音箱?
- 同时通话和上网,金立M5 Plus两不误
- 超级续航如何玩出新花样?金立M5 Plus苦练内功提升表现!
- 应用商店最新排名:应用宝连续三月领跑 手机厂商崛起
- vivo X6Plus全网通远航版系统优化太给力!再次突破连续看片极限
- Android逆向之利用Xposed为应用增加权限
- qt5.6.1-hisiv200-交叉编译
- Servlet学习之会话技术
- [luogu-1007]独木桥 题解
- Linux服务器上搭建FTP服务
- 05-树8 File Transfer(25 分)
- 腾讯丁珂:打击信息诈骗统一战线不存在“旁观者”
- 享居派CEO李斯发:一个传统行业转型互联网人的方法论
- 3Glasses王洁:中国式VR的成长机会 | CES 2016